Vulnerability Description
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | < 22.2.9 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vwh-5Third Party Advisory
- https://github.com/nextcloud/server/pull/32843/commits/6eb692da7fe73c899cb6a8d2aPatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vwh-5Third Party Advisory
- https://github.com/nextcloud/server/pull/32843/commits/6eb692da7fe73c899cb6a8d2aPatchThird Party Advisory
FAQ
What is CVE-2022-31118?
CVE-2022-31118 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access toke...
How severe is CVE-2022-31118?
CVE-2022-31118 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31118?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.